Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
node_modules
out/
dist/
# native helper build outputs (Mac CU helper .app + Win blitz-cu-helper.exe) are built on demand by
# dist-mac.sh / dist-win.ps1 and bundled via extraResources; never commit the large binaries or the
# .NET intermediates from the Windows helper project.
native/computer-use-helper/build/
native/computer-use-helper/win/bin/
native/computer-use-helper/win/obj/
# …but the VENDORED agent-socket SDK's dist must be IN the repo (CI builds from a clean checkout)
!vendor/agent-socket-sdk/dist/
*.log
Expand Down
77 changes: 43 additions & 34 deletions electron-builder.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,40 +21,9 @@ files:
# UNPACKED below; onboarding.ts swaps app.asar -> app.asar.unpacked when packaged.
- scripts/onboarding-scan.mjs
- src/main/blitzos-onboarding.md
extraResources:
# Portable tmux (arm64, static libevent + system curses, Developer-ID signed): the agent-terminal
# runtime ships WITH the app — the user never installs dependencies (docs/prod-ci.md).
- from: vendor/bin/tmux
to: bin/tmux
# The Computer Use helper (separate Developer-ID-signed .app that holds Accessibility + Screen
# Recording TCC, so BlitzOS never quits/reopens for them — plans/blitzos-computer-use-helper.md).
# Built + signed by scripts/dist-mac.sh before packaging; the lifecycle manager (computer-use-
# helper.ts) installs it to ~/Library/Application Support/BlitzOS and launches it via LaunchServices.
- from: "native/computer-use-helper/build/BlitzOS Automation.app"
to: "BlitzOS Automation.app"
# The native dynamic-island HUD (faceless ⌥Space notch helper — plans/blitzos-dynamic-island.md).
# Built + signed by scripts/dist-mac.sh before packaging (same as the CU helper above); index.ts
# resolves it at process.resourcesPath/BlitzIsland.app and launchIslandHelper (island-bridge.mjs)
# `open`s it. Without this copy the packaged candidate never exists and the HUD never starts in prod.
- from: native/island-helper/build/BlitzIsland.app
to: BlitzIsland.app
# The runtime Dock-icon source for dev/notch-mode branding (index.ts app.dock.setIcon) — an INSET copy (the
# standard macOS icon grid, ~86% / 7% margin) so app.dock.setIcon renders it at the same Dock tile size as
# the other mac apps. Shipped UNPACKED so the packaged build reads it at process.resourcesPath/blitz-dock-icon.png.
- from: src/renderer/src/assets/blitz-dock-icon.png
to: blitz-dock-icon.png
# The notch-geometry CLI: reads the EXACT physical notch from NSScreen so the always-interactive notch hit-window
# sits over the real cutout (src/main/notch-overlay.ts readNotchGeometry resolves it at process.resourcesPath/
# notch-geometry). No notch => hasNotch:false and BlitzOS draws no band. Plain binary, no TCC/entitlement needed.
- from: native/notch-geometry/notch-geometry
to: notch-geometry
# Product activity-logging config ({url, WRITE-ONLY ingest key}). CI (release.yml) writes build-config/activity-
# logging.json from repo secrets ONLY when ACTIVITY_INGEST_KEY is set; in local/fork builds the file is absent and
# this resource is skipped → analytics OFF (activity-logging.mjs reads it at process.resourcesPath/activity-
# logging.json, after the local ~/.blitzos override). The bundled key is extractable from the public app, so it is
# an ingest-only credential you can rotate, never an account/app token. Never committed (.gitignore: build-config/).
- from: build-config/activity-logging.json
to: activity-logging.json
# extraResources are declared PER-PLATFORM (under mac: / win: below), NOT at top level, so a Windows pack
# never inherits the macOS build outputs (the .app bundles + notch-geometry, which only dist-mac.sh
# produces) or the arm64 tmux. Cross-platform resources (activity-logging) are listed under each platform.
asarUnpack:
- scripts/onboarding-scan.mjs
- src/main/blitzos-onboarding.md
Expand All @@ -75,4 +44,44 @@ mac:
extendInfo:
# the scan reads user data (Branch B/A) and the app drives local automation
NSAppleEventsUsageDescription: BlitzOS automates apps on your behalf.
# macOS runtime resources (built by scripts/dist-mac.sh): portable arm64 tmux, the two signed helper
# .app bundles, the notch-geometry CLI, the dock-icon source, and the optional activity-logging config
# (skipped when absent in local/fork builds). Declared HERE so a Windows pack never tries to copy them.
extraResources:
- from: vendor/bin/tmux
to: bin/tmux
- from: "native/computer-use-helper/build/BlitzOS Automation.app"
to: "BlitzOS Automation.app"
- from: native/island-helper/build/BlitzIsland.app
to: BlitzIsland.app
- from: native/notch-geometry/notch-geometry
to: notch-geometry
- from: src/renderer/src/assets/blitz-dock-icon.png
to: blitz-dock-icon.png
- from: build-config/activity-logging.json
to: activity-logging.json
win:
# The Windows Computer Use helper ships as ONE self-contained .NET single-file exe (the analog of the
# Mac "BlitzOS Automation.app"), built by native/computer-use-helper/build-win.ps1 to
# native/computer-use-helper/build/blitz-cu-helper.exe. computer-use-helper.ts resolves it at
# process.resourcesPath/blitz-cu-helper.exe (installedHelperExe) and spawns it with the named-pipe
# socket path; Windows has no TCC, so there is no install-to-AppData step. Build everything with
# `npm run dist:win` (scripts/dist-win.ps1), which builds the helper first then packages.
icon: src/renderer/src/assets/blitz-dock-icon.png # 1024x1024; electron-builder generates the .ico
target:
- target: nsis
arch: [x64]
extraResources:
- from: native/computer-use-helper/build/blitz-cu-helper.exe
to: blitz-cu-helper.exe
# cross-platform analytics config; skipped when absent (local/fork builds)
- from: build-config/activity-logging.json
to: activity-logging.json
nsis:
# perMachine installs into Program Files, the trusted path required before app.manifest uiAccess="true"
# (+ Authenticode signing) can let the helper drive ELEVATED windows. oneClick:false shows the standard
# wizard so the install elevation prompt is explicit.
oneClick: false
perMachine: true
allowToChangeInstallationDirectory: true
npmRebuild: false
19 changes: 19 additions & 0 deletions native/computer-use-helper/build-win.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Build the Windows Computer Use helper: ONE self-contained single-file exe, the analog of build.sh
# (which builds the signed BlitzOS Automation.app on macOS). Output:
# native/computer-use-helper/build/blitz-cu-helper.exe
# electron-builder.yml (win.extraResources) ships it to process.resourcesPath; computer-use-helper.ts
# installedHelperExe() resolves it there. Windows has NO TCC, so no signing is required to RUN the helper;
# Authenticode signing is only needed later to flip app.manifest uiAccess="true" (drive elevated windows).
$ErrorActionPreference = 'Stop'
$here = $PSScriptRoot # native/computer-use-helper
$proj = Join-Path $here 'win\blitz-cu-helper.csproj'
$out = Join-Path $here 'build'

Write-Host "[cu-helper] dotnet publish -> $out"
dotnet publish $proj -c Release -r win-x64 --self-contained -p:PublishSingleFile=true -o $out
if ($LASTEXITCODE -ne 0) { throw "[cu-helper] dotnet publish failed ($LASTEXITCODE)" }

$exe = Join-Path $out 'blitz-cu-helper.exe'
if (-not (Test-Path $exe)) { throw "[cu-helper] publish produced no exe at $exe" }
$mb = [math]::Round((Get-Item $exe).Length / 1MB, 1)
Write-Host "[cu-helper] built -> $exe ($mb MB)"
Loading